Course Schedule

For 2026, I am attempting a bit of an overhaul on the assigned papers. Please be aware that this schedule may change as I update papers and topics covered.

You are expected to read these papers before the class that they are assigned. For papers that entail a required review, you must submit a paper review by Noon CT on the day that paper is to be discussed. In addition, the "Due dates" column indicates other items due on that day.

Date	Topic and Notes	Due dates	Readings for this class
Section 1: Introduction and Foundations
M 5-Jan	Introduction (slides)
W 7-Jan	How to read a paper (slides) (Whiteboard photos (thanks Yang!): 1, 2)	Paper review due by noon CT!	Required reading: The Myth of Double-Blind Review Revisited: ACL vs. EMNLP. Cornelia Caragea, Ana Sabina Uban, and Liviu P. Dinu. EMNLP 2019. Optional reading(s): Double Blind Review at SSBSE. Prof. Claire Le Goues.
M 12-Jan	Discussion: end-to-end systems abstraction (Whiteboard photos (thanks Yang!): 1, 2)		No required readings. Recommended pwn.college challenge: Introduction to Cybersecurity More specifically, this one: Binary Exploitation
W 14-Jan	Foundations: Binaries, Viruses, malware analysis	Paper review of "Hiding in the Particles" due by noon CT!	Required readings: Smashing the Stack For Fun and Profit. Aleph One. (This one is especially required if you are not familiar with stack overflows) Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation. Pietro Borrello, Emilio Coppa, and Daniele Cono D'Elia. DSN 2021. Optional reading(s): Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land. Frederick Barr-Smith, Xabier Ugarte-Pedrero, Mariano Graziano, Riccardo Spolaor, and Ivan Martinovic. Oakland 2021. Recommended pwn.college challenges Program Security Return-Oriented Programming
M 19-Jan	No class (MLK day)
Section 2: Malware, Analysis, and Defenses
W 21-Jan	Moving Target Defenses: Virtual Machines and Automated Diversification		Required reading: Inspecting Virtual Machine Diversification Inside Virtualization Obfuscation. Naiqian Zhang, Dongpeng Xu, Jiang Ming, Jun Xu, Qiaoyan Yu. Oakland 2025. Optional reading(s): SoK: Automated Software Diversity. Per Larsen, Andrei Homescu, Stefan Brunthaler, and Michael Franz. Oakland 2014. Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts. Najmeh Miramirkhani, Mahathi Priya Appini, Nick Nikiforakis, and Michalis Polychronakis. Oakland 2017 Survey of Cyber Moving Targets, Second Edition. BC Ward, SR Gomez, RW Skowyra, D Bigelow, JN Martin, JW Landry, and H Okhravi. (MIT Lincoln Laboratory Technical Report)
M 26-Jan	~~Evasive Malware and Automated Analysis~~	~~Paper review due by noon CT!~~	Required reading: Reducing Malware Analysis Overhead with Coverings. Michael Sandborn, Zach Stoebner, Westley Weimer, Stephanie Forrest, Ryan Dougherty, Jules White, and Kevin Leach. TDSC 2023. Optional reading(s): Using Hardware Features for Increased Debugging Transparency. Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. Oakland 2015.
W 28-Jan	~~Project Pitches and Discussion~~ Class canceled due to weather.	~~Submit your 500-word writeup via the submission system. See here.~~	No required readings.
M 2-Feb	~~Static and Dynamic Software Analysis, Fuzzing~~ Evasive malware, dynamic analysis, Project Pitch Discussion Class shifted due to weather.		Required readings: the HW2 specification Toss a Fault to Your Witcher: Applying Grey-Box Coverage-Guided Mutational Fuzzing. Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, and Adam Doupé. Oakland 2023. Optional reading(s): LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. Chris Lattner and Vikram Adve. Proceedings of the 2004 International Symposium on Code Generation and Optimization (CGO'04).
Section 3: Low Level, Hardware, Kernel, Systems Security
W 4-Feb	Catch up: Static/Dynamic Analysis Architectural sidechannels, Hardware Security	HW1 due 2/6 at 11:59PM Central Moved to 6-Feb	Required readings: SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon. Jason Kim, Daniel Genkin, Yuval Yarom. Oakland 2025 (Distinguished Paper Award). (paper website) Optional reading(s): Spectre: Exploiting Speculative Execution. Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. Oakland 2019. Meltdown: Reading Kernel Memory from User Space. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. Usenix Security 2018.
M 9-Feb	Kernel rootkits		Required reading: KShot: Live Kernel Patching with SMM and SGX. Lei Zhou, Fengwei Zhang, Jinghui Liao, Zhengyu Ning, Jidong Xiao, Kevin Leach, Westley Weimer, and Guojun Wang. In DSN 2021 (best paper runner up).
W 11-Feb	~~GPU Security~~ Architectural side channels, KShot catchup		Required reading: CAGE: Complementing Arm CCA with GPU Extensions. Chenxu Wang, Fengwei Zhang, Yunjie Deng, Kevin Leach, Jiannong Cao, Zhenyu Ning, Shoumeng Yan, and Zhengyu He. NDSS 2024.
Section 4: Machine Learning, Large Language Models
M 16-Feb	GPU Security		Required reading: CAGE: Complementing Arm CCA with GPU Extensions. Chenxu Wang, Fengwei Zhang, Yunjie Deng, Kevin Leach, Jiannong Cao, Zhenyu Ning, Shoumeng Yan, and Zhengyu He. NDSS 2024.
W 18-Feb	Machine Learning, Stealing Models	Please complete this poll by Friday 2/20 for paper presentations!	Required reading: Stealing Machine Learning Models via Prediction APIs. Florian Tramer, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. USENIX Security 2016. Optional readings: Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images (CVPR2015) Intriguing Properties of Neural Networks (ICLR 204) Google's Cloud Vision API Is Not Robust To Noise (ICMLA 2017) Natural Adversarial Examples (CVPR 2021) Iterative Feature Mining for Constraint-Based Data Collection to Increase Data Diversity and Model Robustness (EMNLP 2020)
M 23-Feb	Prompt stealing from LLMs; importance of data.		Required Reading Cross-Modal Prompt Inversion: Unifying Threats to Text and Image Generative AI Models. Dayong Ye, Tianqing Zhu, Feng He, Bo Liu, Minhui Xue, Wanlei Zhou. Usenix 2025.
W 25-Feb	Machine Learning for Malware Analysis and Beyond	Paper review due by noon CT!	Required reading: PBP: Post-Training Backdoor Purification for Malware Classifiers. Dung Thuy Nguyen, Ngoc N. Tran, Taylor T. Johnson, and Kevin Leach. NDSS 2025.
M 2-Mar	Project Proposal Presentations (day 1)	Submit your presentation slides and writeup: see here.
W 4-Mar	Project Proposal Presentations (day 2)
M 9-Mar	No class, Spring break
W 11-Mar	No class, Spring break
M 16-Mar	Machine Unlearning		Required Reading SUGAR: A Sweeter Spot for GEnerative Unlearning of Many Identities. Dung Thuy Nguyen, Quang Nguyen, Preston K. Robinette, Eli Jiang, Taylor T. Johnson, Kevin Leach. To Appear in the 2026 Winter Conference on the Application of Computer Vision (WACV'26).
Section 5: LLMs, Software Security, Vulnerabilities
W 18-Mar	LLM-based Software Patching		Required Reading: Examining Zero-Shot Vulnerability Repair with Large Language Models. By Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, Brendan Dolan-Gavitt. Oakland 2023.
M 23-Mar	LLM Fingerprinting		Required Reading: LLMmap: Fingerprinting for Large Language Models. Dario Pasquini, Evgenios M. Kornaropoulos, Giuseppe Ateniese. Usenix 2025.
W 25-Mar	LLM Jailbreaking	HW2 due at 11:59PM Central on Thursday 3/26	Required Readings Homework 3 Specification. Mind the Inconspicuous: Revealing the Hidden Weakness in Aligned LLMs' Refusal Boundaries Jiahao Yu, Haozheng Luo, Jerry Yao-Chieh Hu, Yan Chen, Wenbo Guo, Han Liu, Xinyu Xing Usenix 2025.
Section 6: Human Subject Research, Research Ethics
M 30-Mar	Ethics (of research and security)		Required Reading: On the Feasibility of Stealthily Introducing Vulnerabilities in Open-source Software via Hypocrite Commits. Qiushi Wu and Kangjie Lu. Formerly in Oakland 2021. Optional reading: Letter from authors withdrawing paper from conference proceedings.
W 1-Apr	Foundations: human studies		Required reading: Breaking the Flow: A Study of Interruptions During Software Engineering Activities. Yimeng Ma, Yu Huang, Kevin Leach. ICSE 2024 (Distinguished Paper Award). Optional readings: Neurological Divide: an fMRI Study of Prose and Code Writing. Ryan Kruger, Yu Huang, Xinyu Liu, Tyler Santander, Westley Weimer, and Kevin Leach. In ICSE 2020. Distilling Neural Representations of Data Structure Manipulation using fMRI and fNIRS. Yu Huang, Xinyu Liu, Ryan Krueger, Tyler Santander, Xiaosu Hun, Kevin Leach, and Westley Weimer. In ICSE 2019 (ACM Distinguished Paper Award).
M 6-Apr	Human Subjects and Machine Learning	Paper review due by noon CT!	Required Reading A Human Study of Automatically Generated Decompiler Annotations. Yuwei Yang, Skyler Grandel, Jeremy Lacomis, Edward Schqartz, Bogdan Vasilescu, Claire Le Goues, Kevin Leach. DSN 2025. Optional Reading DIRE: A Neural Approach to Decompiled Identifier Naming. Jeremy Lacomis, Pengcheng Yin, Edward J. Schqarts, Miltiadis Allamanis, Claire Le Goues, Graham Neubig, Bogdan Vasilescu. ASE 2019. “Len or index or count, anything but v1”: Predicting Variable Names in Decompilation Output with Transfer Learning. Kuntal Kumar Pal, Ati Priya Bajaj, Pratyay Banerjee, Audrey Dutcher, Mutsumi Nakamura, Zion Leonahenahe Basque, Himanshu Gupta, Saurabh Arjun Sawant, Ujjwala Anantheswaran, Yan Shoshitaishvili, Adam Doupe, Chitta Baral, Ruoyu Wang. Oakland 2024.
Section 7: Potpourri Topics
W 8-Apr	Autonomous vehicles		Required reading: START: A Framework for Trusted and Resilient Autonomous Vehicles. Kevin Leach, Christopher Timperley, Kevin Angdtadt, Anh Nguyen-Tuong, Jason Hiser, Aaron Paulos, Partha Pal, Patrick Hurley, Carl Thomas, Jack W. Davidson, Stephanie Forrest, Claire Le Goues, Westley Weimer. In ISSRE 2022. Optional reading(s): Selective Symbolic Type-Guided Checkpointing and Restoration for Autonomous Vehicle Repair. By Yu Huang, Kevin Angstadt, Kevin Leach, and Westley Weimer. In APR 2020. A Comprehensive Study of Autonomous Vehicle Bugs. By Joshua Garcia, Yang Feng, Junjie Shen, Sumaya Almanee, Yuan Xia, and Qi Alfred Chen. In ICSE 2020.
M 13-Apr	TOR, Bitcoin, and Network Security	HW3 due Monday 4/13 at 11:59PM Central	Required reading: Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Nathewson, and Paul Syverson. USENIX 2004. Bitcoin: A Peer-to-Peer Electronic Cash System. "Satoshi Nakamoto" (pseudonym). This is the original Bitcoin whitepaper. Optional readings: A Longitudinal, End-to-End View of the DNSSEC Ecosystem.. Taejoon Chung, Roland van Rijswijk-Deij, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Magggs, Alan Mislove, and Christo Wilson. USENIX 2017. Global Measurement of DNS Manipulation. Paul Pearce, Ben Jones, Frank Li, Roya Ensafi, Nick Feamster, Nick Weaver, and Vern Paxson. USENIX 2017. Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries. Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson. CCS 2013.
W 15-Apr	TBA
M 20-Apr	Final Project Presentations (day 1)	Submit your presentation slides and writeup: see here.
W 22-Apr	Final Project Presentations (day 2)

There are no exams for this class.

Course Schedule

Section 1: Introduction and Foundations

Section 2: Malware, Analysis, and Defenses

Section 3: Low Level, Hardware, Kernel, Systems Security

Section 4: Machine Learning, Large Language Models

Section 5: LLMs, Software Security, Vulnerabilities

Section 6: Human Subject Research, Research Ethics

Section 7: Potpourri Topics